EJ B security does not work correctly when no permssion is set and the user
does a login
----------------------------------------------------------------------------------------
Key: GERONIMO-4669
URL: https://issues.apache.org/jira/browse/GERONIMO-4669
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: OpenEJB
Affects Versions: 2.2
Reporter: Ivan
Assignee: Ivan
Fix For: 2.2
Currently, if in the ejb-jar.xml file, not method-permission exists, we will
not create a JACC Manager. But the securityEnabled is always set to true, so
while the user login in, then the access is denied. In the past versions, we
always create a JACC Manager even if no method permisson is set, and in it, all
the method invocation permissions are granted. This issue blocked some EJB TCK
testcases, I think.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
